What are Managed Apple IDs in Apple Business Manager?
Like any Apple ID, Managed Apple IDs are used to sign in to a personal or shared device. They’re also used to access Apple services—including iCloud and collaboration with iWork and Notes. And administrators and staff use them to sign in to Apple Business Manager. Unlike personal Apple IDs, Managed Apple IDs are owned and managed by your organization—including password resets and role-based administration. Apple Business Manager makes it easy for organizations to create and manage these accounts at scale. Managed Apple IDs don’t support Family Sharing.
Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times, or, if the account is suspected of fraudulent activities by Apple. To reset their password, the user must contact an Apple Business Manager administrator, People Manager, or another user with password reset privileges. For accounts locked due to suspected fraudulent activities, an Apple Business Manager administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Apple Business Manager administrator.
Service access with Managed Apple IDs
Because Managed Apple IDs are owned by the organization, certain features are disabled.
Note: Not all of these services are available in all countries or regions.
Services | Platform | Description |
|---|---|---|
Apple Pay | iOS iPadOS macOS | The user can’t use it. |
Specific iCloud features | iOS iPadOS macOS Web | The user can’t access the following services:
|
App Store iTunes Store Apple Books | iOS iPadOS macOS | Allows browsing but not purchasing, paid, or free. |
Media services | iOS iPadOS macOS Web | The user can’t access the following services:
|
Find My | iOS iPadOS macOS Web | The app appears, but the user can’t use it. |
Sidecar | macOS | The user can’t use it. |
Home | iOS iPadOS macOS | The user can’t add HomeKit devices to the Home app. |
How Managed Apple IDs are created
Managed Apple IDs are created after you:
Use federated authentication with Microsoft Azure Active Directory (Azure AD)
Use SCIM with Microsoft Azure Active Directory (Azure AD)
Create accounts manually
Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that your administrators, managers, and staff may already have.
How Managed Apple IDs are used
As an administrator or manager, you use Managed Apple IDs in two main ways—with accounts and roles.
Accounts: Administrators can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: After a Managed Apple ID is created for a user, the administrator can then assign roles for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.
In addition, the administrator and manager can manually add an account at any time, such as when a temporary user is added to your organization. You can also view and edit account information, such as the user’s name, ID number, and more. Depending on your role, you can also reset a user’s Managed Apple ID password, and delete or deactivate an account.